[eluser]Sarfaraz Momin[/eluser]
Try writing the upload routine. The upload_url outside the authenticated area and it should work fine. The page from which is it uploading can be under security but the processing page can be a different controller outside the authenticated area. For now this workaround is good to make it work with CI 1.7.x with the new session class.